<?php

namespace App\Http\Middleware;

use Illuminate\Http\Request;
use Closure;
use Lauthz\Facades\Enforcer;

class CasbinAuthenticate
{

    public function handle(Request $request, Closure $next, $guards=[]){
        $path = $request->getPathInfo();
        $method = $request->method();

        $user = auth('api')->user();

        if ($user) {
            $user_id = $user['id'];
            if (!Enforcer::enforce("$user_id", $path, $method)) {
                return apiError("抱歉，您当前的操作不具备该权限！", 401);
            }
        }
        return $next($request);
    }
}
